Class Based Selection
Peter Frischknecht
peter@empoweringsolutions.com
Fri, 4 Jan 2002 01:53:00 -0500
Maybe this has already been covered, but I could not find it in the
archives.
What if I want to specify an action based on a class, instead of a
single IP address?
Real life Scenario:
(forget throttle for now, that is already taken care of)
I want to limit the number of connections any single user can have
to/from a specific port. Let's use 1214 (morpheus).
This works:
iptables -I FORWARD -s 192.168.10.10 -p tcp --dport 1214 -m iplimit \
    --iplimit-above 4 -j REJECT
Now... I would like ALL of my users to have the same rule imposed on
them, without having to create a separate entry for each IP address.
Can it be done? I don't want:
iptables -I FORWARD -s 192.168.10.0/24 -p tcp --dport 1214 -m iplimit \
    --iplimit-above 4 -j REJECT
It would simply keep the entire site limited to 4 connections.
Whatever the command is, it would be the same as:
iptables -I FORWARD -s 192.168.10.10 -p tcp --dport 1214 -m iplimit \
    --iplimit-above 4 -j REJECT
iptables -I FORWARD -s 192.168.10.11 -p tcp --dport 1214 -m iplimit \
    --iplimit-above 4 -j REJECT
iptables -I FORWARD -s 192.168.10.12 -p tcp --dport 1214 -m iplimit \
    --iplimit-above 4 -j REJECT
iptables -I FORWARD -s 192.168.10.13 -p tcp --dport 1214 -m iplimit \
    --iplimit-above 4 -j REJECT
iptables -I FORWARD -s 192.168.10.14 -p tcp --dport 1214 -m iplimit \
    --iplimit-above 4 -j REJECT
...
Your reply would be greatly appreciated.
Peter Frischknecht
Empowering Solutions, Inc.
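Added example (not part of the original message): a small POSIX shell script that generates the per-host rule set the post describes for the 192.168.10.0/24 subnet and port 1214, printing the rules rather than applying them so it runs without root. It also shows the one-rule alternative using the mainline connlimit match, which replaced the patch-o-matic iplimit match; with --connlimit-mask 32 the kernel groups connections by source address, so a single rule on the whole subnet counts per host rather than per site. The subnet and port come from the post; the host range, the function names and the limit value are constructed for the example.

```shell
#!/bin/sh
# Example added to the post, not the poster's script. Emits iptables
# rules to stdout; review the output and pipe it into sh as root to apply.

# Emit one iplimit REJECT rule per host address, the expansion the post
# sketches by hand for 192.168.10.10 through .14.
gen_per_host_rules() {
    net="$1"     # first three octets, e.g. 192.168.10 (from the post)
    first="$2"   # first host octet to cover (constructed)
    last="$3"    # last host octet to cover (constructed)
    port="$4"    # destination TCP port, 1214 in the post
    limit="$5"   # connections allowed before REJECT, 4 in the post
    i="$first"
    while [ "$i" -le "$last" ]; do
        printf 'iptables -I FORWARD -s %s.%s -p tcp --dport %s -m iplimit --iplimit-above %s -j REJECT\n' \
            "$net" "$i" "$port" "$limit"
        i=$((i + 1))
    done
}

# Number of rules the per-host approach would install for a given range;
# useful to see how the rule table grows with the subnet.
count_rules() {
    gen_per_host_rules "$@" | wc -l | tr -d ' '
}

# Single-rule alternative: the connlimit match (successor of iplimit in
# mainline iptables) counts connections per source address when the mask
# is /32, so one rule on the subnet applies the limit to each host.
per_source_rule() {
    subnet="$1"; port="$2"; limit="$3"
    printf 'iptables -I FORWARD -s %s -p tcp --dport %s -m connlimit --connlimit-above %s --connlimit-mask 32 -j REJECT\n' \
        "$subnet" "$port" "$limit"
}

# Usage when run directly: print both variants for the post's subnet.
if [ "${GEN_RULES_DEMO:-0}" = "1" ]; then
    gen_per_host_rules 192.168.10 10 14 1214 4
    per_source_rule 192.168.10.0/24 1214 4
fi
```

Run with `GEN_RULES_DEMO=1 sh gen_rules.sh` to print both forms; the per-host generator is kept as a function so the rule count can be inspected before anything touches the FORWARD chain.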